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o 

C^l ' Abstract. Let fl < GL(V) be a quasisimple classical group in its natural representation over 

. a finite vector space V, and let A = Nc L (v)(fi). We construct the projection from A to A/Q 

■ and provide fast, polynomial-time algorithms for computing the image of an element. Given a 
{J*} ' discrete logarithm oracle, we also represent A/Q as a group with at most 3 generators and 6 

relations. We then compute canonical representatives for the cosets of fi. A key ingredient of 
our algorithms is a new, asymptotically fast method for constructing isometries between spaces 
with forms. Our results are useful for the matrix group recognition project, can be used to solve 

■ element conjugacy problems, and can improve algorithms to construct maximal subgroups. 

o 

1. Introduction 

In this paper, we provide a variety of algorithms for classical groups. Fix a prime p and a 
power q oip, and let u = 2 for unitary groups and 1 otherwise. We consider groups H < GLd(q u ) 
such that Q < H < A, where O is a quasisimple classical group and A = N GLd ( g u)(il) is the 
| corresponding conformal group \KL90\ Section 2.1]. Most of our algorithms are randomised Las 

Vegas in the sense of [Bab97| . We often need Las Vegas algorithms whose output is independent 
of the random choices made. In this case we call the output canonical. 

The matrix group recognition project [LGOl] seeks to compute efficiently composition series 
for matrix groups over finite fields. By finding a geometry preserved by the group, in the sense of 
Aschbacher's theorem }Asc84| . a normal subgroup and its quotient can often be computed. This 
decomposition terminates on reaching groups that are almost simple, modulo their subgroup 
of scalar matrices. These groups are either classical groups in their natural representation 
(Aschbacher's class 8) or other almost simple groups (class 9). This paper provides algorithms 
for dealing with a group known to be in class 8. Algorithms to constructively recognise the 
quasisimple classical groups in their natural representation are known [Bro01|, IBro03] . This 
paper presents efficient, practical reduction algorithms for the other class 8 groups. 

Another motivation is constructing efficient algorithms for element conjugacy in classical 
groups H, when the dimension d is large. The fundamental problem is to determine if two 
elements are conjugate and, if so, provide a conjugating element. For the sake of memory 
efficiency, it makes sense to conjugate a single element to a canonical representative of its 
conjugacy class. Given a solution to this conjugacy problem for A [HM, Bri06], we can construct 
an algorithm to solve the element conjugacy algorithm in a group H between SI and A, provided 
that we have canonical coset representatives for H/Vt. This, along with applications to the 
construction of maximal subgroups, are the primary motivations for the requirement that our 
algorithms give canonical solutions. See Section 2] for more details. 
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We give our timings in terms of elementary finite field operations: addition, negation, multi- 
plication, and inversion. The number of field operations required by our algorithms is polynomial 
in d and log q, except for some algorithms which require calls to a discrete logarithm oracle. We 
specify when this is the case, and count the number of calls to the oracle. 

We consider multiplication of d x d matrices to take 0(d u ) field operations: for example, the 
standard method gives u = 3. For sufficiently large d (depending on the field size) Magma [BC07 
uses the algorithm of |Str69j with u = log 2 7 + e for any e > 0: this gives a noticeable practical, 
as well as a theoretical, improvement. 

A key algorithmic problem for classical groups is the construction of isometries between 
classical forms. We give a new method that is asymptotically faster than the method given in 
[HRD05] . 

Theorem 1.1. Suppose we have two nondegenerate symplectic, unitary, or quadratic forms on 
the space V = (¥ q u) d . We can determine if they are isometric, and find a canonical isometry 
between them, with a Las Vegas algorithm taking 0(d UJ + d 2 log 2 q) field operations. 

We now state our main theorem. 

Theorem 1.2. Let f2 < GL^(g u ) be a quasisimple classical group fixing a known classical form 
F, let A = N GLd(gU) (0), and let G = A/tt. 

(1) There is a deterministic algorithm which, on input F, constructs a finite presentation P\ 
for G in 0(log 2 g) field operations. There is a Las Vegas algorithm which constructs the 
image under the homomorphism A — >• P\ of g G A in 0(d UJ + d 2 log 2 q) field operations. 

(2) There is a deterministic algorithm which, on input F, constructs a power-conjugate pre- 
sentation P2 for G with at most 3 generators and 6 relations in 0(log 2 q) field operations. 
There is a Las Vegas algorithm which constructs the image under the homomorphism 
A — > P2 of g G A in 0(d u + d 2 log 2 q) field operations, plus at most two calls to a 
discrete logarithm oracle for F„2 . 

(3) There is a Las Vegas algorithm which, on input F and an element g G A, constructs a 
canonical representative of the coset Qg in 0{d U) + d 2 log 2 q) field operations. 

By the type of the form we mean one of: unitary, symplectic, orthogonal type +, orthgonal 
type — , orthogonal odd dimension. In Section [2] we define our canonical forms, and present 
algorithms for forms and classical groups, including proving Theorem ll.il In Section [3] we prove 
Theorem 11.21 In Section |4] we present some applications, before concluding in Section [5] with 
some data on our implementations: our algorithms are now part of the standard release of 
Magma. The timings for our algorithms depend on the type of the form - in Theorems 11.11 
and 11.21 we have given worst-case timings, but more detailed results are given below. 

2. Groups and forms 

In this section, we introduce some algorithms for classical forms and classical groups. We 
require that the output of each algorithm be canonical: for fixed input, every call to the algorithm 
gives the same output, even if the algorithm is randomised. 

2.1. Fields. Let p be a prime and let q be a power of p. As is standard, we assume that ¥ q is 
constructed by adjoining a canonical root £ of the Conway polynomial [JLPW 95] to the prime 
field F p , so that £ is the canonical primitive element of ¥ q . See [Liib] for a current list of the 
fields for which this assumption is valid. We let £ be the canonical primitive element of ¥ q 2, 
and recall that £ = £ 9+1 . Given a nonzero a G ¥ q , the discrete logarithm log^(a) is the unique 
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i = 0,1, ... ,q — 2 such that a = £\ We now show how to find canonical solutions to various 
equations over ¥ q or F„2. 

The next result is the main source of randomisation in our algorithms. 

Theorem 2.1 ( |GCL92"| Theorem 8.12]). A root in ¥ q 2 for a quadratic polynomial with coeffi- 
cients in F q can be found by a Las Vegas algorithm in O(logq) field operations. 

Let F* denote the multiplicative group of ¥ q and let IF* 2 denote the set of squares in IF* . Every 
element of ¥ q 2 can be written as ao+aiC+- ■ -+a m _iC m_1 , where p m = q 2 and a» G {0, . . . ,p— 1}. 
Lexicographically ordering the coefficients induces an ordering on ¥ q 2. We fix a canonical root 
of a quadratic equation by taking the smallest root with respect to this ordering on ¥ q 2 . Hence 
for a G Fq we can find a canonical square root y/a £ ¥ q 2. For q even, a has a unique square root, 
equal to a q l 2 , so \fa can be computed by a deterministic algorithm in O(logg) field operations. 
For a G F* with q odd, define l(ol) = if a G F* 2 and l(q) = 1 otherwise. Since t(a) = if and 
only if o^" 1 )/ 2 = 1, there is a deterministic algorithm to determine i{a) which takes O(logg) 
field operations. 

Canonical solutions for trace and norm equations are needed for the unitary groups. 

Proposition 2.2. Let a G F* . There is a deterministic algorithm to find a canonical solution 
rj G ¥ q 2 to the trace equation rj + rf = a which takes 0(1) field operations if q is odd, and 
0(log q) otherwise. There is a Las Vegas algorithm to find a canonical solution n G ¥ q 2 of the 
norm equation rj q+1 = a which takes 0(logq + log 2 p) field operations. 

Proof. For the trace equation with q odd, rj = a/2. Otherwise, use the fact that a t— > a q is an 
Fq-linear map. After we evaluate this map on an Fg-basis of ¥ q 2 deterministically in O(logg) 
field operations, the problem is reduced to two dimensional system of linear equations over ¥ q . 
Since rj exists by |Lan931 Theorem 6.3], it can now be found by linear algebra. 

We construct a solution to the norm equation in three cases. If a G F* 2 , let rj := \fa, then 
T ji+ 1 = rj 2 = a. Hag ¥ q 2 and q = 1 (mod 4), then -1 G F* 2 , so -a F* 2 . Hence the 
polynomial X 2 + a is irreducible over ¥ q , and its roots in ¥ q 2 have norm a, which can be found 
by Theorem [2TTT If a G" F* 2 and q = 3 (mod 4), then —a G F* 2 . Let f3 = y 7 -" and write 
p + 1 = 2 m s for s odd. Calculate c G F p in 0(log 2 p) field operations by 




By |BCM93j . the polynomial g(X) = X 2 - 2cX - 1 is irreducible over ¥ q . Hence -ag(X/(3) = 
X 2 — 2/3cX + a is also irreducible and its roots in F g 2 have norm a. □ 

The following elements are all used to compute with orthogonal groups. 
Proposition 2.3. 

(1) There is a deterministic algorithm to construct, on input an odd q, a canonical 7 G F* 
such that 7 and 1 — 47 are nonsquare. The algorithm takes O(logg) field operations. 

(2) There is a deterministic algorithm to construct, on input an even q, a canonical 7 G F* 
such that X 2 +X+7 is irreducible over¥ q . The algorithm takes 0(log 2 q) field operations. 

(3) There is a deterministic algorithm to construct, on input an odd q, a canonical v G F* 
such that 1 + v 2 is nonsquare. The algorithm takes 0(logq) field operations. 
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Proof. For (pQ) , note that £ + C q (recall that £ is the canonical primitive element in F 9 2 ) , as 
otherwise C 9 " 1 = -1 = C {g2 ~ 1)/2 - Set 7 = £(C+C 9 )~ 2 , then 7 G F g because 7^ = 7. Also, 7 F* 2 
because £ F* 2 . Finally, 1 - 4 7 = (C - C) 2 (C + C q )~ 2 F* 2 , since (C - C 9 )(C + C 9 ) -1 F g . 

For ([2]), let g = 2 m . If m is odd, let 7 = 1. Otherwise, let m = 2 r s with s odd. Define 
recursively: let ao = 1, and let ai+x be the canonical root of X 2 + X + cij in F g . Define 7 to be 
the first cij for which X 2 + X + aj is irreducible, if any. Define T : ¥ q — > ¥ q by T(x) = x 2 + x, 

and note that T(aj) = a 2 + a,, = aj_i for i > 1. It is easy to show that T 2 (x) = x 2 + x for all 
i. Now suppose a = a 2 r +1 G F 9 exists. Then T 2r+1 (a) = 1, so T 2 '' +1 (a) = T , 2 r+1 - 2 ''- 1 (i) = 0, 

and so a = a. Hence a G F 22 r+i , which intersects ¥ q in F 2 2>- . This implies that a = a, so 
T 2T (a) = 0, which contradicts T 2 ' +1 (a) = 1. Therefore j < 2 r < logg. 

For ©, note that 4C 9+1 (C - C 9 )" 2 G F g x2 . Let v = 2C ((?+1)/2 (C - C 9 )" 1 G F, be its square 
root, then 1 + v 2 g" F^ 2 . □ 

2.2. Forms and Isometries. In this subsection, we define our canonical forms, and present 
algorithms to construct isometries and similarities between forms. 

Let V = (¥ q u) d and let vi, . . . , Vd be the basis of V with (vi)j = 1 if i = j and otherwise. 
By diag(ai, 02, ■ ■ ■ , ad) we mean the d x d matrix with entry a, in position (i, i) and elsewhere. 
By antidiag(ai, 02, ■ ■ ■ , ad) we mean the d x d matrix with entry a, in position (i, d— % + 1) and 
elsewhere. By A © 1? we mean a block diagonal matrix, with blocks A and B along the main 
diagonal and elsewhere. We denote the transpose of A by A Tv . 

The following results are standard and can be found in [BCS97[ Chapter 16]. 

Theorem 2.4. There are deterministic algorithms to find the row echelon form, the rank, the 
nullspace, or the determinant of a d x d matrix over ¥ q . Each algorithm requires 0{d^) field 
operations. 

We refer to |Tay92| or [Gro02] for basic terminology on classical forms. We fix the following 
notation: either f3 is a nondegenerate symplectic or unitary form over V; or Q is a nondegenerate 
quadratic form over V and (3 is its polar form, so that 2Q{v) = fi(v,v). A vector v is isotropic 
if j3(v,v) = and singular if Q(v) = 0: note that if q is even and the form is quadratic then 
there can exist vectors that are isotropic but nonsingular. A vector is anisotropic if Q{v) 7^ 0. 
The matrix of /3 is F = (fi(vi,Vj))dxd, and satisfies fi(u,v) = uFv aTv , where a is the field 
automorphism x 1— > x q (nontrivial only in the unitary case). The matrix of Q is the upper 
triangular matrix M = (m,ij)dxd such that Q(v ) = vMv Tr for v = (01, . . . , ad). If /3 is the polar 
form of Q, then F = M + M Tr and F determines M if and only if q is odd. Forms /3i and f$2 
(or Qi and Q2) are isometric if there exists an A G GLd(q u ) such that j3\{u,v) = /32(uA,vA) 
for all u, v G V (respectively, such that Qi(v) = Q2(vA) for all v G V). Forms j3\ and /?2 (or Q\ 
and Q2) are similar if there exists a A G F* u such that /3i is isometric to A/32 (respectively, such 
that Q\ is isometric to Af^)- 

Definition 2.5 (Canonical classical forms). We define the following canonical forms: 
Symplectic or even dimension unitary: d = 2m and V has basis (ei, . . . , e m , f m , . . . , /1) 

with (3{ei,ej) = /3{fi,fj) = 0, Pfajj) = 

Unitary, odd dimension: d = 2m + 1 and V /ias basis (e±, . . . , e m , x, f m , . . . , fx) with (5{ei,ej) 
= PifiJj) = P(ei,x)=P(fi,x) = 0, /3(ei,/ i ) = % P(x,x) = l. 

Orthogonal, o type: d = 2m + 1 and V has basis (e±, . . . , e m , x, f m , . . . , fx) with Q°{e-i) = 
Q°{fi) = ^(euej) = PtfiJj) = f3°(e u x) = f3°{h,x) = 0, ^(e*,/,-) = <%, Q(x) = 1. 
Orthogonal, + type: d = 2m and V has basis (ex, ■ ■ ■ , e m , f m , . . . , fx) with Q + (ei) = Q + {fj) = 
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P+faej) = P+ifrJj) = and P+faJj) = <%. 

Orthogonal, — type: d = 2m + 2 and V has basis (ei, . . . , e m , x, y, f m , . . . , fi) with Q~{e.j) = 
Q~(fj) = P'faerf = p-(fi,fj) = 0, p-fajj) = 5 tj , p~(a,b) = for a G {e l J j }, b G {x,y}, 
Q~(x) = fi~(x,y) = 1, Q~(y) = 7, where 7 is as in Proposition \2.3[ 

It is well known (see for instance [Tay92| ) that every nondegenerate quadratic, symplectic 
or unitary form over a finite field is similar to exactly one of the forms given in Definition 12.51 
For odd dimension and characteristic, the two isometry classes of quadratic forms are similar. 
Otherwise, forms are similar if and only if they are isometric. The discriminant of Q is i(det(F)). 
Two quadratic forms are isometric if and only if they have the same discriminant. 

The following will be needed for constructing isometries and coset representatives. Unitary 
forms have an anisotropic vector whenever they are not identically zero, and quadratic forms 
have a nonsingular vector whenever they are not identically zero. However, symmetric forms 
may not have an anisotropic vector in even characteristic. 

Lemma 2.6. There is a deterministic algorithm which, on input a nonzero quadratic form, finds 
a canonical nonsingular vector v in 0{d 2 ) field operations. There is a deterministic algorithm 
which, on input a nonzero quadratic form in odd characteristic or a nonzero unitary form, finds 
a canonical anisotropic vector w in 0(d 2 ) field operations. There is a Las Vegas algorithm which, 
on input a nondegenerate quadratic form Q with q odd and d > 2, finds canonical nonsingular 
vectors u±,U2 such that l(Q(u\)) = and l(Q{u2)) = 1 in 0(d 2 + log 5) field operations. 

Proof. We first discuss finding v or w. To find v, let M = (rriij) be the matrix of the quadratic 
form. To find w, let M be the matrix of the polar form of Q or of the unitary form. To find v 
or w, now look for the smallest i such that ma 7^ 0. If i exists, take v = Vi or w = Wj. If none 
exists, let be lexicographically minimal subject to ray 7^ 0. Let v = Vi + Vj, and in the 
quadratic case let w = Vi + Vj also. If M is unitary, let w = vi + (vj, so that @(v, v ) = ( + £ 9 , 
which is nonzero as observed in the proof of Proposition 12.3( 1). 

To find u\ and U2, first choose v\ nonsingular as above. Compute as the nullspace of 
the column vector FvJ* in 0(d 2 ) field operations, then recursively choose nonsingular V2 G v^~: 
note that V2 G" (v\) as v\ is nonsingular. If possible, take u% = v; L for square Q(vi) and U2 = Vj 
for nonsquare Q(vj). If this is not possible, then either the Q(vi) are both square, or both are 
nonsquare. Let w = v% + V\/Q(vi)/Q(v2)v2, where v is as in Proposition 12.31 Then Q(w) = 
(1 + v 2 )Q{v 1) and hence l{Q{w)) = 1 if and only if i{Q{v{j) = 0, so let u\ be one of w or v\ and 
let U2 be the other. □ 

Next we present the main technical ingredient of our isometry construction algorithm. We 
deal uniformly with symplectic, unitary and symmetric bilinear forms, and refer to the symplectic 
case as case S. We define the initial k-block of a matrix X to be the matrix consisting of the 
first k columns of the first k rows of X. For a matrix over F-a, the map a is the qth power 
map on matrix entries and so the application of a takes O(logg) field operations for each entry. 
For a matrix X, we write X* for — X Tr in case S, for X <jTr in the unitary case, and for X Tr in 
the orthogonal case. Furthermore, we write X< for X Tr in case S and for X* otherwise. Let 
a = log q in the unitary case and otherwise. If SAS^ = B we say that S transforms A to B. 
Note that we do not assume that our forms are nondegenerate, so symplectic forms can have 
odd dimension. 

Theorem 2.7 (Diagonalise forms). Let A be the matrix of a (possibly degenerate) symmetric, 
unitary, or symplectic form over ¥ q u, where if q is even then the form is unitary or symplectic. 
There is a deterministic algorithm which, on input A, constructs a canonical S G GLd(q u ) such 
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that SAS^ is diagonal, or block diagonal with blocks of size at most 2 in case S. The algorithm 
takes 0{d U) + d 2 a) field operations, where a is logg in the unitary case and otherwise. 

We prove the result via a sequence of lemmas. 

Lemma 2.8. Let A be a matrix of the form 

A x A 2 
^ 3 
A* A* 3 A 4 

where A\ G GL&(g u ) for 1 < k < d — 1 (with k even in case S) and A3 has < s < d — k rows. 
There is a deterministic algorithm which, on input A, constructs a canonical S G GLd(q u ) such 
that 

A 3 
A* 3 A 5 

The algorithm takes 0(d ul + d 2 a) field operations. 



SAS^ = A 1 



400 

Proof. Let S = I h ) . □ 



-A'A' 1 /, 



d-k- 



Lemma 2.9. There is a deterministic algorithm which, on input A ^ 0, constructs a canonical 
S G GLd(q u ) such that SAS^ = A\ © with A\ G GLfc(g u ) for some 1 < k < d (with k even in 
case S). The algorithm takes 0(d u) ) field operations. 

Proof. Let S G GL^(g") be such that SA is in row echelon form, constructed in 0{d UJ ) field 
operations by Theorem 12.41 Then 

SAS^ =(* ) ^ = Y 

for some matrix X^xd with full row rank. Now, Y has its final d — k rows all zero, and Y = Y*. 
Thus the final d—k columns of Y are all zero, and the initial /c-block of Y is in GLk(q u ). □ 

Lemma 2.10. Let d = mod 4 in case S, and let d be even otherwise. There is a deterministic 
algorithm which, on input 

Ai 
At A 2 

with A\ G GL^/2(g"), constructs a canonical S G GL^(g") such that the initial (d/2)-block of 
SAS* 1 is invertible. The algorithm takes 0{d^ + d 2 a) field operations. 

Proof. First use Lemma O to construct U G GL d/2 {q u ) in 0(d w ) such that UA 2 U j < = A 3 © 0, 
with A3 G GLk(q u ) for some k < d/2 (and k even in case S). Construct Si = (AiU^)^ 1 © U in 
0(d w + ad 2 ) field operations, then 



A 



T3 ■— Q A Q~\ — ( J d/2 \ 

~ bl bl ~{i* d/2 A 3 eo ) 



d/2 

It is now routine to construct a canonical 52 such that S 2 BS\ has invertible initial {d/2)- 
block. " □ 

Lemma 2.11. Let I with 1 < I < d— 1 be given, with I even in case S. There is a deterministic 
algorithm which, on input an invertible matrix A, constructs a canonical S G GLrf(q ,u ) such that 
the initial l-block of SAS^ is invertible. The algorithm takes 0{d^ +d 2 a) field operations. 
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Proof. If I > 1 then first construct a canonical permutation matrix Si transforming A to a 
matrix B whose initial Z-block is not identically zero. If I = 1 and an = then construct a 
canonical anisotropic vector v in 0(d 2 ) field operations, by Lemma 12.61 an d let B be the form 
resulting from swapping this v with v\. Let 

R = ( Bl B<2 

V #1 £3 

where Si is Z x Z. If £?i is invertible, we are done. Otherwise, construct a matrix S2 such that 



n _ c not _ / Cl © C*2 

C :_ S 2 £S 2 - ( c * ^ 



where Ci = C*[ G GLfc(g u ) for some k < I (with k even in case S). The matrix C can be 
computed in 0(d UJ + ad 2 ) field operations by Lemma 12.91 Since C\ is invertible, by Lemma 
in 0(d LJ + ad 2 ) field operations we construct a matrix S3 such that 

D := S 3 CSt =d®(^ 

where D\ is (I — k) x (d — I). The fact that A and Ci are both invertible implies that D\ 
has full row rank, so construct a matrix P G GLrf_;(q u ) in 0(d UJ ) field operations such that 
L>iP = (Ei E 2 ) with £1 G GU-k{q u )- Let S 4 := © P ] '. Then 

/ 

E := S A DS\ = d © 

where E3 is (I — k) x (I — k). By Lemma 12.101 i n 0(d £J + ad 2 ) field operations we can construct 
a 2(7 — k) x 2(1 — k) matrix M such that 

has initial (/ — A;)-block invertible. Let Ss = 1^ © M © Id-21+k, then S^ESl has invertible initial 
Z-block. □ 




Proof of Theorem 2.7. If ^4 is identically zero, there is nothing to do. Otherwise, by Lemma [2. 9 [ 
in 0(d u) + d 2 a) field operations we can transform A to S\AS\ = A\ © with j4i G GL r (g u ) for 
some r < d, with r even in case S. Then by Lemma 12.111 in 0(d LJ + d 2 a) field operations we can 
construct a matrix S2 transforming A\ to a matrix ^2 whose initial /c-block £>i is invertible, where 
k = 2[r/4j in case S and k = [r/2\ otherwise. Now by Lemma f2.8l in 0(d u +d 2 a) field operations 
we can construct a matrix S3 transforming Ai to B\ © C\, where C\ = G GL r -k(q u ). We 
now recurse on B\ and Ci, stopping when we reach 2x2 matrices in case S or 1 x 1 matrices 
otherwise. The whole process completes in 0(d UJ + d 2 a) field operations and produces canonical 
matrices at each step. □ 

We remark that the symmetric case of the above theorem is proved in [BCS971 Theorem 
16.25], although we correct several minor errors in the proof. 

Theorem 2.12 (Transform forms). Suppose we have two nondegenerate symplectic, unitary, or 
quadratic forms on the space V = (¥ q u) d . We can determine if they are isometric, and find a 
canonical isometry between them, in O(C) field operations, where C is given in TableUl The 
algorithm used is deterministic for symplectic forms; otherwise it is Las Vegas. 
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Table 1. Complexity for transforming forms 



Form type 


C 


Symplectic 


tf" 








Unitary 


(F 


+ 


d 2 lo 


iq + d log 2 p 


Quadratic, q odd 


<F 


+ 


dlog 


q 


Quadratic, q even 




+ 


dlog 


q + log 2 q 



Proof. Note that it is enough to find an isometry or similarity from a given form to some fixed 
form. For quadratic forms we work at least initially with the polar form. 

If the form is of unitary type, or the polar form of a quadratic form in odd characteristic, 
then use Theorem 12.71 to diagonalise the matrix of the form to diag(ai, . . . , a<j). In case S (resp. 
the form is the polar form of a quadratic form in even characteristic), then transform its matrix 
to a block diagonal matrix with 2x2 (and lxl) blocks. 

In the symplectic case, each 2x2 block is equal to antidiag(a, —a) for some a£FJ. This 
is transformed to antidiag(l, —1) by diag(a , 1). 

In the unitary case, the form is transformed to Id by diag(«i, . . . , ad), where a% is a canonical 
solution to af +1 = a" 1 , using Proposition 12.21 

In the orthogonal case for q odd, if d is odd and the discriminant is nonsquare then let a be 
the first nonsquare entry, and multiply all entries by a -1 (we produce a similarity since a/1). 
In all orthogonal cases now transform all the square entries a% to 1 by -Jal~ and the nonsquare 
entries a, to the first nonsquare entry, fj,, by /x/aj. The entries \x are then changed in pairs to 
[i(l+v 2 ), using the fact that ( } v \ ) ( J„ \ ) = (l + ^ 2 )/ 2 , where v is as in Proposition [2]3j Each 
entry fi(l + v 2 ) can now be changed to 1, since //(l + v 2 ) E F x2 . If there is a single nonsquare 
entry remaining (so that d is even) then this is moved to the first row and transformed to £. 

In the orthogonal case for q even, the way that we have transformed the polar form matrix 
F also makes the matrix M of the quadratic form block diagonal with blocks of size at most 2 
(since F and M are identical above the diagonal). We now work with M. Since every element 
of Fg has a square root, we can convert every block in M to one of the forms (1), (oi)> or (oo)- 
Note that a summand ( J ? ) must have a / 0, otherwise it would be degenerate and so Q would 
also be degenerate. This also shows that there is at most one summand (1). 

Now consider a subform whose matrix is a pair of 2 x 2 blocks: (oi)®(ni) w hh respect 
to the basis u\,U2,u^,Ui- Changing to the basis u\ + 113, (ui + u^j/b, U\, bui + a(u^ + U4), we 

get the form with matrix ((jo)® (0 6(o"+6) ) ■ ^he second block can now be converted to ((jo) 
or (01) fo r some a' 7^ as above. 

So we eventually get a direct sum of copies of ((jo) together with at most one block of 
the form (1) or (i f). If the polynomial X 2 + X + a has a solution in ¥ q , then (J f ) can be 
transformed to (qJ), and otherwise it can be transformed to (0 7)- So we are done. □ 

Theorem 11.11 is just a simplified version of this result. Note that Theorems 11.11 and 12.121 
apply unchanged to computing similarities rather than isometries. 

2.3. Groups. Suppose (3 (or Q) is a nondegenerate form, as in the previous subsection. Then 
A := NQL d (,ju)(f2) consists of all similarities of the form with itself. The invariant group I 
consists of all isometries. We use notation from [KL90] for classical groups. For example, if 
(3 is a symplectic form, then A = CSp d (o , ,/3); if /3 is the canonical symplectic form, then we 
abbreviate this to CSp d (q)- 
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Define r : A — > ¥ q u by (3(ux,vx) = t(x)/3(u,v) for all u, v G V. It is well known (see for 
example [KL901 Lemma 2.1.2]) that r is a homomorphism with kernel /. 

Lemma 2.13. There is a deterministic algorithm which, on input g G A and the matrix F of 
(3, computes r(g) in 0(d 2 ) field operations. 

Proof. Find w such that wFvf 1 ^ in 0{d) field operations. Then r(g) is /3(wg,vig)/j3(w,vi). 

□ 

For quadratic forms, the spinor norm is an epimorphism from the general orthogonal group 
I = GO d (q,Q) toF+. 

Definition 2.14 (Spinor norm). Let g G GL(d,q) preserve the form Q. 

(1) For q odd, let U < V be the image of Id — g and define the bilinear form x on U by 
x(u,v) = 2/3(w,v) where w(Id — g) = u. The spinor norm of g is sp(g) = t(det(%)). 

(2) For q even, the spinor norm of g is sp(g) = rank(/rf + g) mod 2. 

Our definition for odd q is from |Ta y92| , except for the factor of two which we include so the 
values of the spinor norm agree with [KL90, p. 29]. We follow [KL90, Proposition 2.5.7] and 
define £ld(q,Q) := SO d(q,Q) n ker(sp). What we call the spinor norm for even q is called the 
Dickson invariant by some authors. 

Theorem 2.15. There is a deterministic algorithm that, on input g G GOd(q,Q), computes 
sp(g). If q is even then the algorithm takes 0{d U) ) field operations, otherwise it takes 0(d w +\ogq) 
field operations. 

Proof. If q is even, apply Theorem 12.41 If q is odd, compute the nullspace N of a := Id — g and 
find a matrix M whose rows are a basis to a complement of ./V in 0(d u ) field operations. Then 
the rows of Ma are a basis for the image of a. Calculate the form Xg ° n Ma as S = 2MF(Ma) Tr 
in 0{d ul ) field operations. Finally, find /-(detS 1 ). □ 

We finish this section with a discussion of reflections. Let v G V be nonsingular, so that 
Q(v) ^ 0. The reflection in v is the map refh, : V — > V, u t— > u — /3(u,v)v/Q(v). 

Lemma 2.16. Let Q be nondegenerate with polar form F, and let u,v G V be nonsingular. 

(1) All reflections are elements of GOd(q,Q), and have determinant —1 and order 2. 

(2) For q even, sp(refLj) = 1. 

(3) For q odd, sp(refbj) = i(/3(v,v)). 

(4) For q odd, &d(q, Q) refl n = ^(g, Q) refl„ if and only if t(/3(u, u)) = l(/3(v, v)). 

Proof. Parts (pQ) and ([2]) are well-known, and are easy exercises. For part ([3]), let g = refl„. Then 
(I d — g) has image (v), and maps v \-t 2v, so the matrix of Xg is (P( v i v))\ x i ■ Part (j4|) follows 
from part ([3]) and the fact that sp is a homomorphism. □ 

Proposition 2.17. Let Q be nondegenerate. For odd q and d > 2, there is a Las Vegas algorithm 
that constructs canonical reflections Ro,R± with sp(i?j) = i in 0(d 2 + logg) field operations. For 
even q and d > 2, a canonical reflection Rq can be constructed deterministically in 0(d 2 ) field 
operations. 

Proof. For q odd, by Lemma 12.61 we can find canonical vectors Uo,u\ with i(Q(ui)) = i. Note 
that UiFvJ r can be computed in 0(d) field operations for each j, as Fvj is the jth row of F. 
Then row j of refl ni is Vj — (uiFvJ r )Q(ui)^ 1 Ui. The case q even is similar. □ 
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3. Constructive homomorphisms 

In this section, for each type of classical group, we construct the quotient of the conformal 
group A by the quasisimple group O as a presentation in two ways. The first presentation has 
0(q) generators, and a word for the image of an element of A can be found in polynomial time. 
The second presentation is polycyclic with at most four generators and at most six relations, 
but words for images can only be found using discrete logarithms. To our knowledge, for the or- 
thogonal groups such presentations only exist in the literature for the projective groups [KL90, 
Sections 2.5-2.8]. Note that the first presentation has a constant number of generators and 
relations when considered as an FC-presentation in the sense of |CHM08] . We also compute 
canonical representatives for cosets of 0, which are needed for the conjugacy problem in Sec- 
tion HI Throughout this section we assume that O is quasisimple, which eliminates some small 
dimensional exceptional cases. 

Our main result in this section is the following theorem. 

Theorem 3.1. Let £1 < GL^(g M ) be a quasisimple classical group fixing a known classical form, 
let A = NgL d ((j U )(f2) an d let G := A/fi. Let X be the matrix tranforming the canonical form to 
the given form ( Theorem li.il) . Let Xi, IZi, and Ci (i = 1,2) be defined as in TablelM 

(0) A is generated by O and Xq. 

(1) P\ = {X\ | 1Z\) is a presentation for G. The image of g G A as a canonical word in P\ 
can be computed in 0{C{) field operations. 

(2) P2 = {X2 I 7^2) is a polycyclic presentation for G. The image of g G A as a canonical 
word in Pi can be computed in 0{C\) field operations plus Ci discrete logarithms. 

(3) A canonical representative of the coset Vlg, where g £ A, can be computed in 0{C^) field 
operations. 

For unitary and orthogonal groups, these algorithms are Las Vegas; in the other cases they are 
deterministic. 

Note that Theorem ll.2l is just a simplified version of this result. The proof is straightforward 
in the linear and symplectic cases, and is similar to the unitary case. 

Proof of Theorem\3J\ unitary case. Proof of ®: By [KL901 Table 2.1.C], [A : ft] = q 2 - 1. The 
matrix ^4(A) G A for all A G F x 2 , as ^4(A) preserves the canonical unitary form up to scalars. 

The matrix P(A) G GU d{q) for all A G F x 2 , as it preserves the canonical unitary form. The 
determinant of B(() has order q + 1, so B := (P(A), is cyclic of order q + 1. The r map 

shows that (A(X),B)/B is cyclic of order q — 1, so the result follows. 

Proof of (p]): First we check the presentation Pi. Since A(X)A(fj,) = A(Xfj,), we see that 
a(X)a(fi) = a(Xfi), and similarly b(X)b(fj,) = b(X/i). It follows from the proof of (0) that 6(A) 9+1 = 
1, and that some power of a(A) is a power of 6(A). To show that a(X) q ^ 1 = b(X) d , note that 
A(X) q ~ 1 B(X)~ d has determinant 1. 

We map g G A to a(r(g))6(/x _d det(g)) G Pi, where /i is the canonical solution of = 
r(g). This is the correct image since it factors through det and r correctly. Since r(g) can be 
computed by a deterministic algorithm in 0{d 2 ) field operations by Lemma 12.131 and /x can be 
computed by a Las Vegas algorithm in 0(log q + log 2 p) field operations by Proposition 12.21 the 
result follows. 

Proof of ([2]): It is clear that P2 presents the same group as Pi. To write g G A as a word 
in a and b, find the discrete logarithms of r(g) and pT d det(g). 

Proof of ([3]): Use Theorem 11.11 to find X such that SUd(g,/3) = S\Jd(q) X - Take the coset 
representative of g G A to be (A{T(g))B{^~ d det(g))) x . □ 
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(1) The generators Ro,Ri G X$ are defined as in Proposition 12 .171 For the group n, d (q), we define 7 as in Proposition 

(2) We define a(X) £ X2 to be the coset flA(X), and similarly for 6(A), ro, n, c(A), co, for A,// e F*„ and i G Fj ■ 

(3) The following relations are in 72-i whenever the relevant generators are defined: 
a(X)a(p) = a(A/x), &(A)6(/i) = 6(A/z), c(A)c(/i) = e(A/z), rg = r\ = (r ri) 2 = 1. 

(4) The following relations are in 7?-2 whenever the relevant generators are defined: Tq = r\ — (rori) 2 = 1. 
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In the remainder of this section, we consider the orthogonal case. Since f2 is quasisimple 
by assumption, d > 3. If q is even, we also assume d is even, since in even characteristic the 
odd degree orthogonal groups are isomorphic to symplectic groups. For e G {+,— ,°} we write 

G = G%g) := cofaynfa). 

Our first result proves Theorem 13. ll jO]). and part of Theorem 13. ll fT]) for the orthogonal case. 

Proposition 3.2. The group CO e d (q) is generated by Q € d (q) together with the generators X in 
Table® Furthermore, P\ = (X\\1Z\) is a presentation for G e d (q). 

Proof. It is easy to check that C e (A) G CO e d (q) and C Q G CO d (q). Note that r(C e (A)) = A 2 
when q is odd and e is o or — ; whilst r(C" E (A)) = A in all other cases. One may check that 

The kernel of r on CO^(g) is GO^(q), and its image is F* if d is even, and F* 2 otherwise 
|KL90l §2.1]. For d odd, r(C°(£)) = £ 2 generates F* 2 . If e is + or q is even, then r(C £ (£)) = f 
generates F*. Finally, if e is — and q is odd, then t(C~(£)) = £ 2 and t{Cq) = 7 generate 
F*, since 7 is nonsquare. Since GO d {q) is generated by Q d (q) and the reflections, CO e d (q) is 
generated by the given elements. 

For q even or d odd, G € (<7) = (ro) x (c(£)) =Fj xF x . For q odd, is an extension of 

(r ,ri) (F+) 2 by (c(f)) = F£, whilst G~(g) is an extension of (r ,ri) = (F+) 2 by (c(£),ci) = 
F*. Hence G e (q) has the same order as CO^(q , )/fi^(g) [KL901 § 2.1]. It therefore suffices to 
show that the relations hold. 

All relations involving only ro and r\ hold because the quotient GO d (q)/Cl d (q) is an elemen- 
tary abelian 2-group. For the relations involving ro or r\ conjugated by c(A) or Co, note that 
refl^ = refl„ ff for v G V and g G CO d (q). For q even, all reflections are in the same coset of Q d (q), 

and so = ro. For q odd, i(Q(vg)) = l(Q(v)) + i{r{g)). For the relations involving products 
and powers of c(A) and cq, one checks that C e (X)C e (fi) = C e (\fi) and so c(A)c(/i) = c(A/i). 
Now, C , 2 m+1 (— 1) = J m © (—1) © = reflx, and since Q°(x) = 1 we deduce that c(— 1) = ro- 
Finally, C~(A) commutes with Cq"; (Cq - ) 2 = C~(7); and C~(-l) = J m © —I2 @ I m = refl x refl y , 
so c(— 1) = rori. □ 

By setting c = c(£), or c = c(y / ^7 _1 ) c o for q odd and e = — , we get presentations for the 
same groups with a bounded number of generators and relations. 

Corollary 3.3. P2 = (X2 \R-2) is a presentation for G d {q). 

We can now prove Theorem 13.11 for the orthogonal groups. If q is odd and Q is of — type, 
we assume that the discrete log of 7 has been precomputed in (|2|). We only give the case where 
q is odd, d is even, and Q is of — type, as the other orthogonal cases are similar. 

Proof of Theorem \3.1[ orthogonal minus case. Proof of (j0|): This is immediate from Proposi- 
tion IO 

Proof of (pQ): It is immediate from Proposition 13.21 that Pi presents G e d (q). For the ho- 
momorphism, we first find a canonical matrix X which tranforms the canonical form to F, in 
0(d u + d 2 log q) field operations. We compute r(g) in 0(d 2 ) field operations. If r{g) is a square, 
we take A = sj r(g), z = c(A) and C = C _ (A). Otherwise we take A = \J r(g)j~ 1 , z = coc(A), 
and C = C Q C-(X). We then let h = g^C' 1 , find a = det(/i) and b = sp(h) in 0((i w + log?) 
field operations. We map g to r\z, where b' = b if a = 1 and b' = b + 1 otherwise. 

Proof of ([2]): It is immediate from Corollary 13.31 that Pi presents G d {q). For the homomor- 
phism, find k = log^ 7 A = with a discrete log call, and map g to r^r\c k . 
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Proof of ©: Write down Rq and R± from Proposition 12 . 1 71 in 0(d u + log q) field operations, 
then the representative is (Rq R\C) x . □ 

We finish with a special case, where our algorithms run faster. 

Proposition 3.4. Let Q be a nondegenerate quadratic form, and let g G GO c i(q,Q). Then the 
image of g under the natural homomorphism to F^" (q even) or (F^) 2 (q odd) can be found by 
a deterministic algorithm in 0(d u ) field operations (q even) or 0(d u) +logg) field operations (q 
odd) . A canonical coset representative for g can then be constructed by a deterministic algorithm 
in 0(d?) field operations if q is even and, given £, by a Las Vegas algorithm in 0(d u + logg) 
field operations otherwise. 

4. Applications: conjugacy and maximal subgroups 

Given a finite group G, the basic conjugacy problems are: 

(1) find a set of canonical representatives of the conjugacy classes of G; 

(2) given x £ G, find g G G such that x 9 is a canonical class representative; and 

(3) given a class representative x, find generators for Cq(x). 

We conjugate to a class representative in problem [21 rather than designing an algorithm to 
conjugate arbitrary pairs of elements, because it reduces memory requirements. This way we 
need only work with a single element of the group, since the representative itself is implicit in 
the algorithm but does not usually need to be written down. This was our motivatation for the 
inclusion of canonical coset representatives in Theorem 13. 1 f f3]) . 

Suppose we can solve the element conjugacy problem in the group A. We briefly describe 
how to solve the same problem for groups G with H < G < A. This is a slight generalisation of 
the results of [Wal80], and is based on the following lemma. 

Lemma 4.1. Let A be a group, A a finite group, and <p : A — > A an epimorphism. Let £1 be the 
kernel of (p. Suppose G is a group with £1 < G < A. Given g G G, the G-classes contained in 
gA correS p 0n( i i the elements of A/(f>(Cj\(g)G) under the map 

(g h ) A ^ ^(C A (g)Gh) 

for h in A. 

Proof. Clearly every G-class in g A is of the form (g h ) G for some h € A. Now (g h ) G = (g h ') G if 
and only if g hg = g h for some g' G G, that is, hg'h'~ is in C/\(g) for some g' G G. Since G 
is normal in A, this is equivalent to h being in C&(g)Gh' , which means C&(g)Gh = C&(g)Gh' . 
Since A/ 4>(C&(g)G) is naturally isomorphic to A/Ca (<?)(?, we are done. □ 

Hence, in order to compute the classes in G from the classes in A, we need to know the images 
of centralisers under <f> and we need representatives h a G (j)~ 1 (a) for all a £ A. If G is not normal 
in A, we need to apply this lemma more than once: since A/fl is soluble for classical groups Q, 
every G with Q < G < A is subnormal in A. 

Solving problem (UJ is only possible for relatively small groups, but since Theorem I3.1I |3|) 
gives canonical coset representatives we can find canonical class representatives to solve problem 
([2]) without first solving ([]]). Canonical class representatives also simplify the centraliser problem 
([3]), and allow us to compare results between different runs of the algorithms. A detailed 
description of these algorithms is given in jHMj. 

An important application of Theorem 11.11 is to the construction of maximal subgroups of 
classical groups, as in [HRD05, HRDlOlj. When writing down generating matrices for a maximal 
subgroup, it is often convenient to construct initial matrices which preserve a form other than 
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Table 3. Spinor norm on GO^q, Q) 
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Magma's canonical classical form. We then conjugate the matrices so that they preserve the 
correct form. Since the isometry construction algorithm given in [HRD05] does not return the 
same conjugating matrix each time, different conjugates of the maximal subgroup are found each 
time it is constructed. Using Theorem 11.11 the same subgroup can now be constructed each 
time. This is not essential, but is often useful: for example when investigating containments 
between subgroups. 

5. Timings 

In this section we present two tables of timings data for a Magma 2.14-9 [BC07] implemen- 
tation of our algorithms. We tested our spinor norm algorithm on GOd(q,Q) on all five cases: 
odd dimension and odd characteristic, and both types of form in even dimensions in both even 
and odd characteristic. In each case we computed the spinor norm of a random element of a 
random conjugate of the general orthogonal group. 

Next we tested the canonical coset representative algorithms on all five cases. We took a 
random conjugate of the conformal orthogonal group, and then selected a random element. The 
time to find coset representatives for elements of the general orthogonal group lies between that 
taken to compute the spinor norm and to find coset representatives in the conformal orthogonal 
group. 

The experiments were carried out on a 1.5 GHz PowerPC G4 processor. The machine has 
1.25GB of RAM, but memory was not a factor. All times are given in milliseconds, and are the 
average of 50 trials; the symbol - indicates that the average time was less than 1 millisecond. 

As we would expect, the time required grows extremely slowly with q, and somewhat more 
quickly with d. Far less time is required for even q than odd q. Notice however that the 
representation of the field is more significant than its size, as 3 16 is only about four times larger 
than 10000019, yet the tests always take far longer. 
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